Reproducible Builds regression: dns-fallback.json #6823
Labels
Comments
|
I've setup a project that automatically extracts the official dns-fallback.json from https://github.com/kpcyrd/signal-desktop-dns-fallback-extractor The https://raw.githubusercontent.com/kpcyrd/signal-desktop-dns-fallback-extractor/${pkgver}/dns-fallback.json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Using a supported version?
Overall summary
Arch Linux is very far in implementing reproducible builds and has multiple independent groups that compare the official binaries with the binaries they compiled on their own computers.
This has been working fine for signal-desktop the last few years, today I noticed signal-desktop is currently listed as "not reproducible" on https://reproducible.archlinux.org/ (the instance that is run by Arch Linux staff):
The rebuilder has generated a semantic diff (although it doesn't understand .asar that well):
https://web.archive.org/web/20240311104937/https://reproducible.archlinux.org/api/v0/builds/594200/diffoscope
This might be somewhat difficult to read, most of the differences are an offset being off-by-one, but the first difference seems to be:
So the content of
dns-fallback.jsonbecame 1 byte larger in the second build.Ater a quick search in the source code I found ts/scripts/generate-dns-fallback.ts which seems to define how this file is generated.
The content of
build/dns-fallback.jsonas currently distributed by Arch Linux:[ { "domain": "cdn.signal.org", "endpoints": [ { "family": "ipv4", "address": "52.85.243.122" }, { "family": "ipv4", "address": "52.85.243.45" }, { "family": "ipv4", "address": "52.85.243.48" }, { "family": "ipv4", "address": "52.85.243.51" }, { "family": "ipv6", "address": "2600:9000:20ab:0:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:3800:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:5a00:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:6000:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:6e00:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:ca00:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:d000:1d:4f32:50c0:93a1" }, { "family": "ipv6", "address": "2600:9000:20ab:e800:1d:4f32:50c0:93a1" } ] }, { "domain": "cdn2.signal.org", "endpoints": [ { "family": "ipv4", "address": "104.18.37.148" }, { "family": "ipv4", "address": "172.64.150.108" }, { "family": "ipv6", "address": "2606:4700:4400::6812:2594" }, { "family": "ipv6", "address": "2606:4700:4400::ac40:966c" } ] }, { "domain": "cdn3.signal.org", "endpoints": [ { "family": "ipv4", "address": "104.18.37.148" }, { "family": "ipv4", "address": "172.64.150.108" }, { "family": "ipv6", "address": "2606:4700:4400::6812:2594" }, { "family": "ipv6", "address": "2606:4700:4400::ac40:966c" } ] }, { "domain": "cdsi.signal.org", "endpoints": [ { "family": "ipv4", "address": "40.122.45.194" }, { "family": "ipv6", "address": "2603:1030:7::1" } ] }, { "domain": "chat.signal.org", "endpoints": [ { "family": "ipv4", "address": "13.248.212.111" }, { "family": "ipv4", "address": "76.223.92.165" }, { "family": "ipv6", "address": "2600:9000:a507:ab6d:4ce3:2f58:25d7:9cbf" }, { "family": "ipv6", "address": "2600:9000:a61f:527c:d5eb:a431:5239:3232" } ] }, { "domain": "create.signal.art", "endpoints": [ { "family": "ipv4", "address": "3.212.48.146" }, { "family": "ipv4", "address": "34.225.135.26" }, { "family": "ipv4", "address": "34.237.179.85" }, { "family": "ipv4", "address": "44.207.181.6" }, { "family": "ipv4", "address": "52.204.93.252" }, { "family": "ipv6", "address": "2600:1f18:3b01:a400:de47:813d:5ced:e4ad" }, { "family": "ipv6", "address": "2600:1f18:3b01:a401:5c61:96fd:2912:fd11" }, { "family": "ipv6", "address": "2600:1f18:3b01:a402:8d24:5bdf:4599:d940" }, { "family": "ipv6", "address": "2600:1f18:3b01:a403:2b1b:7db6:c854:78e2" }, { "family": "ipv6", "address": "2600:1f18:3b01:a404:6629:1881:83cc:3cfa" } ] }, { "domain": "sfu.voip.signal.org", "endpoints": [ { "family": "ipv4", "address": "35.244.140.160" }, { "family": "ipv6", "address": "2600:1901:0:feb2::" } ] }, { "domain": "storage.signal.org", "endpoints": [ { "family": "ipv4", "address": "142.250.74.115" }, { "family": "ipv6", "address": "2a00:1450:400f:805::2013" } ] }, { "domain": "updates2.signal.org", "endpoints": [ { "family": "ipv4", "address": "104.18.43.97" }, { "family": "ipv4", "address": "172.64.144.159" }, { "family": "ipv6", "address": "2606:4700:4400::6812:2b61" }, { "family": "ipv6", "address": "2606:4700:4400::ac40:909f" } ] } ]It seems
storage.signal.orghas changed from142.250.74.115to142.250.181.211(causing the 1 byte increase).Embedding this kind of data is generally fine in Arch Linux, however could this file be attached to the github release as an artifact? The "official"
dns-fallback.jsonis currently only available inside of the official signal-desktop .deb. :)Currently these build instructions are used:
Suggestions on how to edit this very welcome! 🫶
This is somewhat related to #6814.
Thanks!
Steps to reproduce
Expected result
Actual result
Screenshots
Signal version
7.1.1
Operating system
Arch Linux
Version of Signal on your phone
No response
Link to debug log
No response
The text was updated successfully, but these errors were encountered: